CipherSaber-2 - RC4 based stream encryption

7 posts in this topic

wraithdu 68

This is my implementation of CipherSaber-2 ( http://ciphersaber.gurus.org/ ). CipherSaber is a version of RC4 that adds a 10 byte random IV to each piece of encoded data. CipherSaber-2 augments this with a configurable number of key setup rounds ( http://ciphersaber.gurus.org/faq.html#cs2 ).

I decided to do the actual encryption / decryption in machine code so it is fast enough to be used on moderately sized files. The key setup is still done in AutoIt.

I prefer this routine to AutoIt's _StringEncrypt because the output is the same size as the input, regardless of key rounds or encryption rounds.

Note: If you visit the site to learn more or run the official test cases, a bunch of the links incorrectly point to a .com domain. Just change those to .org and they will work properly.

Share this post

Link to post

Share on other sites

corz 10

"In George Lucas' Star Wars trilogy, Jedi Knights were expected to make their own light sabers. The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become impossible to suppress."

Looks great wraithdu, but it's hardly building your own Light Saber! The main feature of Cipher Saber is, "it's designed to be simple enough that even novice programmers can memorize the algorithm and implement it from scratch". Relying on outside sources, like DLL files, simply defeats the purpose.

Share this post

Link to post

Share on other sites

trancexx 890

^^ I'm sure wraithdu would have written it that way if he'd wanted to. But the thing is he obviously can see limitation of the language he uses. That's why for critical parts of the code he used special technique to go around AutoIt's execution speed issues. That can be classified as rational action by individual with ability to think outside the box.

BTW, his code is self-sufficient, just as yours is, with no purpose defeated.

Share this post

Link to post

Share on other sites

wraithdu 68

But you can hardly say I'm 'relying' on something I wrote myself. I'm using machine code because it's super fast for the intensive parts of this algorithm. Even you cautioned people on your site to 'Have fun, but don't try it on any HUGE files!'. Well, while I wouldn't use this to encrypt gigabytes worth of data, you can certainly use my version to encrypt megabytes at a reasonable rate.

I wrote everything originally in AutoIt, and the AutoIt source for the machine code is there in the comment. Feel free to swap it out if you want to be masochistically purist, but I wouldn't recommend using it for files at that point.

Share this post

Link to post

Share on other sites

jchd 857

May I point out that all this is now completely irrelevant in today's world and 10-years outdated?

Recommendations that a secret symmetric key be changed every 1000 or so uses is a strong hint that it's fairly broken in the first place, not to mention that PGP is the standard way to exchange keys, or that it lacks almost every basic feature a strong encryption program needs for daily use by laymen.

Implementing such simple bare-bones ciphers is at most a very good learning exercise but their widespread use can prove dangerous if non-tech people blindly trust them to be safe in their routine use cases.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post

Link to post

Share on other sites

wraithdu 68

I'll leave it the authors of RC4 and CS-2 to defend the strength of their ciphers (CS-2 gets around the Arcfour / WEP vulnerability by introducing a custom number of key setup rounds, FYI, so it is not necessary to change keys every 1000 messages). I think it is a worthy replacement for AutoIt's _StringEncrypt, which is what I use it for, especially since _StringEncrypt increases the length of the message every additional round.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)